ab109ab51550c450581e50d3119f3b176d832088ad155ab3ebb622bb5edde054 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab109ab51550c450581e50d3119f3b176d832088ad155ab3ebb622bb5edde054
Size

462KB
Sample

221125-l1py7scg9x
MD5

f1d8a37e1435732dd862fcf7cdd01192
SHA1

7a0938389ab7b5251ad10c4987f38adcfb3916ab
SHA256

ab109ab51550c450581e50d3119f3b176d832088ad155ab3ebb622bb5edde054
SHA512

d37d560e83d1e6d621c080a37d7343e40172af95bb8d69ada7baf293f807689ea7ff5e978ca52a4ed35345e74a945648c5435ca7d27cb80996d691896e9322ed
SSDEEP

6144:Y1u/59th7K3fWKHgJthvS3MYd5+AXqEdeVf3mJA6TvsNA02acO1Lbd+IXh1H:Cu/59thevWKHgA3MYd5tpWoT2jbDf

Score

7^/10

Malware Config

Targets

- Target
  
  ab109ab51550c450581e50d3119f3b176d832088ad155ab3ebb622bb5edde054
- Size
  
  462KB
- MD5
  
  f1d8a37e1435732dd862fcf7cdd01192
- SHA1
  
  7a0938389ab7b5251ad10c4987f38adcfb3916ab
- SHA256
  
  ab109ab51550c450581e50d3119f3b176d832088ad155ab3ebb622bb5edde054
- SHA512
  
  d37d560e83d1e6d621c080a37d7343e40172af95bb8d69ada7baf293f807689ea7ff5e978ca52a4ed35345e74a945648c5435ca7d27cb80996d691896e9322ed
- SSDEEP
  
  6144:Y1u/59th7K3fWKHgJthvS3MYd5+AXqEdeVf3mJA6TvsNA02acO1Lbd+IXh1H:Cu/59thevWKHgA3MYd5tpWoT2jbDf
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2